Authenticating (identifying) users from various signals and modalities plays an important role in securing data and applications and in authorizing specific sets of identities to gain access. All authentication solutions draw information from at most three categories: biometrics, possession and knowledge. The latter is usually implemented as an authentication interview in which knowledge is communicated in some way (written text, spoken word), a classic example being a user personal identification number (PIN).
Knowledge-based authentication is prone to imposter attacks combined with so-called “social engineering,” i.e., various ways to acquire the knowledge necessary to pass the authentication (e.g., “shoulder surfing,” guessing passwords, etc.), the main weakness of this type of authentication. Possession-based authentication (e.g., door key or some other identifying device) and biometric-based authentication (e.g., fingerprint) are also prone to fraud.